<?php

// Page identifier, set before the bootstrap include runs.
// NOTE(review): presumably read by require.php or the HTML templates; confirm.
$page = "sites";

require 'require.php';

// Gate 1: only a signed-in user may answer a trust request.
if (empty($_SESSION['user_id'])) {
	header("Location: signin.php");
	exit;
}

// Gate 2: a pending OpenID request (trust root stored in the session) must
// exist; without it there is nothing to approve on this page.
if (empty($_SESSION['openid_trust_root'])) {
	header("Location: index.php");
	exit;
}

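// Open the database connection that the rest of this script reuses.
// NOTE(review): the mysql_* extension is deprecated (and removed in PHP 7).
// Moving to PDO/mysqli prepared statements has to be done for the whole file
// at once, because every query below shares $link_server.
$link_server = mysql_connect(OPENIDOO_DB_SERVER, OPENIDOO_DB_USER, OPENIDOO_DB_PASSWORD);
$select_db = $link_server ? mysql_select_db(OPENIDOO_DB_DATABASE, $link_server) : false;

if ((!$link_server) || (!$select_db)) {
	die('Connection failed.');
}

// Auto-approval: when the signed-in user already stored an 'Allow Forever'
// decision for this trust root, answer the relying party without showing the
// consent form. Values are escaped with the connection-aware
// mysql_real_escape_string() so the connection character set is honoured.
$check_trust_root = mysql_query("SELECT user_id, trust_root, allow FROM openidoo_sites WHERE user_id='".mysql_real_escape_string($_SESSION['user_id'], $link_server)."' AND trust_root='".mysql_real_escape_string($_SESSION['openid_trust_root'], $link_server)."' AND allow='FOREVER'", $link_server);

if (!$check_trust_root) {
	die('Query failed.');
}

if (mysql_num_rows($check_trust_root) > 0) {

	// Fresh association for this response; it expires in 14 days (1209600 s).
	$assoc_handle = create_assoc_handle();
	$secret = create_secret();
	$expire = time()+1209600;

	$server_name = !empty($_SESSION['openid_trust_root']) ? $_SESSION['openid_trust_root'] : '';

	// The secret is stored exactly as create_secret() returned it, next to
	// its handle. NOTE(review): confirm that read access to
	// openidoo_associations is restricted, since the secret keys the signature.
	if (!mysql_query("INSERT INTO openidoo_associations (assoc_handle, secret, server_name, expire, assoc_type) VALUES ('".mysql_real_escape_string($assoc_handle, $link_server)."', '".mysql_real_escape_string($secret, $link_server)."', '".mysql_real_escape_string($server_name, $link_server)."', '".(int) $expire."', 'HMAC-SHA1')", $link_server)) {
		die('Query failed.');
	}

	$signed = create_signed();
	$sig = create_sig($secret, $signed, $_SESSION);

	// NOTE(review): return_to is used as stored in the session. Presumably it
	// was checked against the trust root when the request was accepted;
	// confirm, because the signed assertion is delivered to this URL.
	$location_trust = $_SESSION['openid_return_to'];

	// Append to an existing query string when the URL already has one.
	if (strpos(urldecode($location_trust), '?') !== FALSE) {
		$location_trust .= '&openid.mode=id_res';
	} else {
		$location_trust .= '?openid.mode=id_res';
	}

	$location_trust .= '&openid.identity='.urlencode($_SESSION['openid_identity']);
	$location_trust .= '&openid.assoc_handle='.urlencode($assoc_handle);
	$location_trust .= '&openid.return_to='.urlencode($_SESSION['openid_return_to']);
	$location_trust .= '&openid.signed='.urlencode($signed);
	$location_trust .= '&openid.sig='.urlencode($sig);

	// Simple Registration values come straight from the request body and are
	// appended after the signature was computed over $_SESSION.
	// NOTE(review): they are presumably not covered by openid.signed; confirm
	// against create_signed(). Non-string values (array parameters) are skipped.
	foreach (array('nickname', 'fullname', 'email', 'dob', 'gender', 'postcode', 'country', 'language', 'timezone') as $oit_sreg_field) {
		if (!empty($_POST['oit_'.$oit_sreg_field]) && is_string($_POST['oit_'.$oit_sreg_field])) {
			$location_trust .= '&openid.sreg.'.$oit_sreg_field.'='.urlencode($_POST['oit_'.$oit_sreg_field]);
		}
	}

	unset($_SESSION['openid_trust_root']);
	header("Location: ".$location_trust);
	// Stop here: without this the script kept running after the redirect,
	// reaching the POST handler and rendering the consent page.
	exit;
}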

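// Handle the consent form: 'Allow Forever', 'Allow Once' or 'Cancel'.
// NOTE(review): no anti-CSRF token is checked before a decision is accepted.
// The form lives in html/trust.html, which is not visible here; confirm a
// per-session token is issued there and verified before approving.
if (!empty($_POST['oit_action'])) {

	// Only a plain string can match a button label; array input is ignored.
	$oit_submit = (isset($_POST['oit_submit']) && is_string($_POST['oit_submit'])) ? $_POST['oit_submit'] : '';
	$oit_has_return_to = !empty($_SESSION['openid_return_to']);
	$oit_has_trust_root = !empty($_SESSION['openid_trust_root']);

	// 'Allow Forever' needs a trust root to remember; 'Allow Once' does not.
	$oit_allow_forever = $oit_has_return_to && $oit_has_trust_root && ($oit_submit === 'Allow Forever');
	$oit_allow_once = (!$oit_allow_forever) && $oit_has_return_to && ($oit_submit === 'Allow Once');

	// Trust root as shown in logs and stored with the association.
	// NOTE(review): this value originates from the relying party's request;
	// confirm new_log() neutralises line breaks before writing it.
	$server_name = $oit_has_trust_root ? $_SESSION['openid_trust_root'] : '';

	if ($oit_allow_forever || $oit_allow_once) {

		if ((!$link_server) || (!$select_db)) {
			die('Connection failed.');
		}

		if ($oit_allow_forever) {
			// Remember the decision once per (user, trust root) pair.
			$check_trust_root = mysql_query("SELECT user_id, trust_root FROM openidoo_sites WHERE user_id='".mysql_real_escape_string($_SESSION['user_id'], $link_server)."' AND trust_root='".mysql_real_escape_string($_SESSION['openid_trust_root'], $link_server)."'", $link_server);

			if (!$check_trust_root) {
				die('Query failed.');
			}

			if (mysql_num_rows($check_trust_root) == 0) {
				// Best effort, as before: a failed insert does not block this
				// approval; the user is simply asked again next time.
				mysql_query("INSERT INTO openidoo_sites (user_id, trust_root, allow, date) VALUES ('".mysql_real_escape_string($_SESSION['user_id'], $link_server)."', '".mysql_real_escape_string($_SESSION['openid_trust_root'], $link_server)."', 'FOREVER', NOW())", $link_server);
			}
		}

		// Fresh association for this response; it expires in 14 days (1209600 s).
		$assoc_handle = create_assoc_handle();
		$secret = create_secret();
		$expire = time()+1209600;

		if (!mysql_query("INSERT INTO openidoo_associations (assoc_handle, secret, server_name, expire, assoc_type) VALUES ('".mysql_real_escape_string($assoc_handle, $link_server)."', '".mysql_real_escape_string($secret, $link_server)."', '".mysql_real_escape_string($server_name, $link_server)."', '".(int) $expire."', 'HMAC-SHA1')", $link_server)) {
			die('Query failed.');
		}

		$signed = create_signed();
		$sig = create_sig($secret, $signed, $_SESSION);

		// NOTE(review): return_to is used as stored in the session. Presumably
		// it was checked against the trust root when the request was accepted;
		// confirm, because the signed assertion is delivered to this URL.
		$location_trust = $_SESSION['openid_return_to'];

		if (strpos(urldecode($location_trust), '?') !== FALSE) {
			$location_trust .= '&openid.mode=id_res';
		} else {
			$location_trust .= '?openid.mode=id_res';
		}

		$location_trust .= '&openid.identity='.urlencode($_SESSION['openid_identity']);
		$location_trust .= '&openid.assoc_handle='.urlencode($assoc_handle);
		$location_trust .= '&openid.return_to='.urlencode($_SESSION['openid_return_to']);
		$location_trust .= '&openid.signed='.urlencode($signed);
		$location_trust .= '&openid.sig='.urlencode($sig);

		// Simple Registration values are taken from the submitted form and
		// appended after the signature was computed over $_SESSION.
		// NOTE(review): they are presumably not covered by openid.signed;
		// confirm against create_signed(). Array parameters are skipped.
		foreach (array('nickname', 'fullname', 'email', 'dob', 'gender', 'postcode', 'country', 'language', 'timezone') as $oit_sreg_field) {
			if (!empty($_POST['oit_'.$oit_sreg_field]) && is_string($_POST['oit_'.$oit_sreg_field])) {
				$location_trust .= '&openid.sreg.'.$oit_sreg_field.'='.urlencode($_POST['oit_'.$oit_sreg_field]);
			}
		}

		new_log(($oit_allow_forever ? 'Approve Forever ' : 'Approve Once ').$server_name);
		unset($_SESSION['openid_trust_root']);
		header("Location: ".$location_trust);
		// Stop here so the consent page is not rendered behind the redirect.
		exit;

	} elseif ($oit_has_return_to && ($oit_submit === 'Cancel')) {

		// Refusal: send the user back with openid.mode=cancel and no assertion.
		$URL_cancel_request = $_SESSION['openid_return_to'];

		if (strpos(urldecode($_SESSION['openid_return_to']), '?') !== FALSE) {
			$URL_cancel_request .= "&openid.mode=cancel";
		} else {
			$URL_cancel_request .= "?openid.mode=cancel";
		}

		// The original message lacked the space before the trust root.
		new_log('Disapprove for '.$server_name);
		unset($_SESSION['openid_trust_root']);
		header("Location: ".$URL_cancel_request);
		exit;
	}

}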

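// Split the comma-separated Simple Registration field lists kept in the
// session. Each array stays undefined when its session value is absent or empty.
if (!empty($_SESSION['openid_sreg_required'])) $array_sreg_required = explode(',', $_SESSION['openid_sreg_required']);
if (!empty($_SESSION['openid_sreg_optional'])) $array_sreg_optional = explode(',', $_SESSION['openid_sreg_optional']);

if ((!$link_server) || (!$select_db)) {
	die('Connection failed.');
}

// Optional persona selection from the query string. persona_id is untrusted
// input: only a non-empty string is accepted (array parameters are ignored),
// and it is escaped with the connection-aware mysql_real_escape_string().
// NOTE(review): the persona_id column type is not visible here; if it is
// numeric, validate with ctype_digit() as well.
$persona_filter = '';
if (isset($_GET['persona_id']) && is_string($_GET['persona_id']) && ($_GET['persona_id'])) {
	$persona_filter = " AND persona_id='".mysql_real_escape_string($_GET['persona_id'], $link_server)."'";
}

// The user_id condition always comes from the session, so a persona_id that
// belongs to another account matches no row.
// NOTE(review): `default`='1' is applied even when persona_id is given, so
// only the default persona can ever be selected this way; confirm intent.
$sql_persona = mysql_query("SELECT persona_id, user_id, `default`, persona_name, nickname, fullname, email, dob, gender, postcode, country, language, timezone FROM openidoo_personas WHERE user_id='".mysql_real_escape_string($_SESSION['user_id'], $link_server)."'".$persona_filter." AND `default`='1'", $link_server);

if (!$sql_persona) {
	die('Query failed.');
}

// Copy the first matching row into the $persona_default_* variables; they
// stay undefined when no persona matches.
if (mysql_num_rows($sql_persona) > 0) {
	$persona_default_persona_id = mysql_result($sql_persona, 0, 'persona_id');
	$persona_default_persona_name = mysql_result($sql_persona, 0, 'persona_name');
	$persona_default_nickname = mysql_result($sql_persona, 0, 'nickname');
	$persona_default_fullname = mysql_result($sql_persona, 0, 'fullname');
	$persona_default_email = mysql_result($sql_persona, 0, 'email');
	$persona_default_dob = mysql_result($sql_persona, 0, 'dob');
	$persona_default_gender = mysql_result($sql_persona, 0, 'gender');
	$persona_default_postcode = mysql_result($sql_persona, 0, 'postcode');
	$persona_default_country = mysql_result($sql_persona, 0, 'country');
	$persona_default_language = mysql_result($sql_persona, 0, 'language');
	$persona_default_timezone = mysql_result($sql_persona, 0, 'timezone');
}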

// Load every persona of the signed-in user, default persona first and then
// by name, before the page is rendered. The two error messages in this step
// are in French, unlike the English ones used earlier in the script.
if (!($link_server && $select_db)) {
	die('Impossible de se connecter');
}

$list_personas = mysql_query(
	"SELECT persona_id, user_id, `default`, persona_name FROM openidoo_personas WHERE user_id='"
		.mysql_escape_string($_SESSION['user_id'])
		."' ORDER BY `default` DESC, persona_name ASC",
	$link_server
);

if (!$list_personas) {
	die('Une erreur est survenue');
}

// Page layout: header, consent form, footer.
require "html/top.html";
require "html/trust.html";
require "html/bottom.html";

?>
